Fix coverity scan (#8388)

* Fix coverity scan * Add path filter to pull_request: condition * Add missing dependency
2020-03-13 07:24:06 +10:00 · 2020-03-13 07:24:06 +10:00 · a18ec2d2d8
parent 53d0634b02
commit a18ec2d2d8
2 changed files with 40 additions and 32 deletions
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@ -4,6 +4,10 @@ name: Coverity Scan
 on:
  schedule:
    - cron: '0 1 * * *'
+  pull_request:
+    paths:
+      - .github/workflows/coverity.yml
+      - coverity-scan.sh
 jobs:
  coverity:
    if: github.repository == 'netdata/netdata'
@ -12,12 +16,18 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Prepare environment
+        env:
+          DEBIAN_FRONTEND: 'noninteractive'
        run: |
-          ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata
-          sudo apt-get install -y libjson-c-dev libipmimonitoring-dev libcups2-dev libsnappy-dev \
-                                  libprotobuf-dev libprotoc-dev libssl-dev protobuf-compiler
+          ./packaging/installer/install-required-packages.sh \
+            --dont-wait --non-interactive netdata
+          sudo apt-get install -y libjson-c-dev libipmimonitoring-dev \
+                                  libcups2-dev libsnappy-dev libprotobuf-dev \
+                                  libprotoc-dev libssl-dev protobuf-compiler \
+                                  libnetfilter-acct-dev
      - name: Run coverity-scan
        env:
+          REPOSITORY: 'netdata/netdata'
          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          COVERITY_SCAN_SUBMIT_MAIL: ${{ secrets.COVERITY_SCAN_SUBMIT_MAIL }}
        run: |
--- a/coverity-scan.sh
+++ b/coverity-scan.sh
@ -48,37 +48,35 @@ source packaging/installer/functions.sh || echo "Failed to fully load the functi
 cpus=$(find_processors)
 [ -z "${cpus}" ] && cpus=1

-if [ -f ".coverity-scan.conf" ]
-then
-	source ".coverity-scan.conf"
+if [ -f ".coverity-scan.conf" ]; then
+  source ".coverity-scan.conf"
 fi

 repo="${REPOSITORY}"
 if [ -z "${repo}" ]; then
-	fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
+  fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
 fi
 repo="${repo//\//%2F}"

 email="${COVERITY_SCAN_SUBMIT_MAIL}"
 if [ -z "${email}" ]; then
-	fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
+  fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
 fi

 token="${COVERITY_SCAN_TOKEN}"
 if [ -z "${token}" ]; then
-	fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
+  fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
 fi

-if ! command -v curl >/dev/null 2>&1; then
-	fatal "CURL is required for coverity scan to work"
+if ! command -v curl > /dev/null 2>&1; then
+  fatal "CURL is required for coverity scan to work"
 fi

 # only print the output of a command
 # when debugging is enabled
 # used to hide the token when debugging is not enabled
 debugrun() {
-  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
-  then
+  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]; then
    run "${@}"
    return $?
  else
@ -91,7 +89,7 @@ scanit() {
  progress "Scanning using coverity"
  export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
  covbuild="${COVERITY_BUILD_PATH}"
-  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"

  if [ -z "${covbuild}" ]; then
    fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
@ -146,7 +144,7 @@ installit() {
    progress "Installing coverity..."
    cd "${INSTALL_DIR}"

-    run sudo tar -z -x -f  "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
+    run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
    rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
    export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
  else
@ -154,7 +152,7 @@ installit() {
  fi

  # Validate the installation
-  covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+  covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
  if [ -z "$covbuild" ]; then
    fatal "Failed to install coverity."
  fi
@ -183,23 +181,23 @@ OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write"

 FOUND_OPTS="NO"
 while [ -n "${1}" ]; do
-	if [ "${1}" = "--with-install" ]; then
-		progress "Running coverity install"
-		installit
-		shift 1
-	elif [ -n "${1}" ]; then
-		# Clear the default arguments, once you bump into the first argument
-		if [ "${FOUND_OPTS}" = "NO" ]; then
-			OTHER_OPTIONS="${1}"
-			FOUND_OPTS="YES"
-		else
-			OTHER_OPTIONS+=" ${1}"
-		fi
+  if [ "${1}" = "--with-install" ]; then
+    progress "Running coverity install"
+    installit
+    shift 1
+  elif [ -n "${1}" ]; then
+    # Clear the default arguments, once you bump into the first argument
+    if [ "${FOUND_OPTS}" = "NO" ]; then
+      OTHER_OPTIONS="${1}"
+      FOUND_OPTS="YES"
+    else
+      OTHER_OPTIONS+=" ${1}"
+    fi

-		shift 1
-	else
-		break
-	fi
+    shift 1
+  else
+    break
+  fi
 done

 echo "Running coverity scan with extra options ${OTHER_OPTIONS}"